CVE-2017-16025

Source
https://cve.org/CVERecord?id=CVE-2017-16025
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16025.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-16025
Aliases
Published
2018-06-04T19:29:01.490Z
Modified
2026-03-14T09:22:26.053232Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

Nes is a WebSocket extension library for hapi, a web server framework. Versions up to and including 6.4.0 have a denial-of-service vulnerability triggered by an invalid Cookie header. The issue is present only when WebSocket authentication is set to cookie. Submitting an invalid cookie on the WebSocket upgrade request causes the Node process to error out.

References

Affected packages

Git / github.com/hapijs/nes

Affected ranges

Type
GIT
Repo
https://github.com/hapijs/nes
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.4.0"
        }
    ]
}

Affected versions

v0.*
v0.2.0
v0.3.0
v0.4.0
v1.*
v1.0.0
v1.1.0
v1.1.1
v1.1.2
v1.2.0
v1.2.1
v1.2.2
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.3.0
v2.3.1
v3.*
v3.0.0
v3.1.0
v3.1.1
v3.1.2
v4.*
v4.0.0
v4.1.0
v4.2.0
v4.2.1
v4.3.0
v4.4.0
v4.4.1
v4.5.0
v4.6.0
v5.*
v5.0.0
v5.0.1
v5.0.2
v5.0.3
v6.*
v6.0.0
v6.0.1
v6.0.2
v6.1.0
v6.1.1
v6.1.2
v6.2.0
v6.2.1
v6.2.2
v6.2.3
v6.2.4
v6.2.5
v6.3.0
v6.3.1
v6.3.2
v6.4.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16025.json"